[36978] in North American Network Operators' Group
Linux, ECN and old firewalls
daemon@ATHENA.MIT.EDU (Lee Watterworth)
Fri Apr 27 16:03:37 2001
Message-ID: <2E0F497E30A841408418B05A95E6651E9843C6@xch04ykf.rim.net>
From: Lee Watterworth <lwatterworth@rim.net>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Fri, 27 Apr 2001 15:53:17 -0400
Hello all,
Bumped into a problem where my firewall was refusing connections from a
Linux machine, found the reason and thought I would share:
==============================
CONFIG_INET_ECN:
Explicit Congestion Notification (ECN) allows routers to notify
clients about network congestion, resulting in fewer dropped packets
and increased network performance. This option adds ECN support to
the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn)
which allows ECN support to be disabled at runtime.
Note that, on the Internet, there are many broken firewalls which
refuse connections from ECN-enabled machines, and it may be a while
before these firewalls are fixed. Until then, to access a site behind
such a firewall (some of which are major sites, at the time of this
writing) you will have to disable this option, either by saying N now
or by using the sysctl.
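Why an ECN-enabled host can be refused, as an added example that is not part of the original post or the kernel help text: per RFC 3168 an ECN-setup SYN carries the ECE and CWR flags, which were reserved bits in RFC 793. The filter functions and the sample headers below are constructed for illustration, assuming a firewall that rejects any segment with an RFC 793 reserved bit set; they do not model a particular product.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits in byte 13 of the TCP header (RFC 793, extended by RFC 3168). */
#define TCP_SYN 0x02
#define TCP_ACK 0x10
#define TCP_ECE 0x40 /* ECN-Echo: a reserved bit before RFC 3168 */
#define TCP_CWR 0x80 /* Congestion Window Reduced: reserved before RFC 3168 */

/* Constructed 20-byte TCP headers: port 32768 -> 80, data offset 5 (0x50). */
const uint8_t plain_syn[20] = { 0x80, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                                0x50, TCP_SYN, 0x16, 0xd0, 0, 0, 0, 0 };
const uint8_t ecn_syn[20]   = { 0x80, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                                0x50, TCP_SYN | TCP_ECE | TCP_CWR,
                                0x16, 0xd0, 0, 0, 0, 0 };

/* ECN-setup SYN (RFC 3168): SYN without ACK, with both ECE and CWR set. */
int is_ecn_setup_syn(const uint8_t *tcp)
{
    uint8_t f = tcp[13];
    return (f & TCP_SYN) && !(f & TCP_ACK) && (f & TCP_ECE) && (f & TCP_CWR);
}

/* Hypothetical legacy rule: all six RFC 793 reserved bits must be zero
 * (low 4 bits of byte 12, top 2 bits of byte 13). Returns 1 to accept. */
int legacy_filter_accepts(const uint8_t *tcp)
{
    return (tcp[12] & 0x0F) == 0 && (tcp[13] & 0xC0) == 0;
}

/* Hypothetical ECN-aware rule: ECE and CWR are defined flags, so only the
 * four bits RFC 3168 still leaves reserved are checked. */
int ecn_aware_filter_accepts(const uint8_t *tcp)
{
    return (tcp[12] & 0x0F) == 0;
}

int main(void)
{
    printf("plain SYN: ecn-setup=%d legacy=%d ecn-aware=%d\n",
           is_ecn_setup_syn(plain_syn), legacy_filter_accepts(plain_syn),
           ecn_aware_filter_accepts(plain_syn));
    printf("ECN SYN:   ecn-setup=%d legacy=%d ecn-aware=%d\n",
           is_ecn_setup_syn(ecn_syn), legacy_filter_accepts(ecn_syn),
           ecn_aware_filter_accepts(ecn_syn));
    return 0;
}
```

The legacy rule accepts the plain SYN and rejects the ECN-setup SYN, which matches the symptom in the post; writing 0 to /proc/sys/net/ipv4/tcp_ecn makes the host send the plain form.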